Page MenuHomePhabricator
Create Task
Maniphest T374980

Enforce exclusion of private IP addresses from $wmgThrottlingExceptions in CI
Closed, ResolvedPublic
Actions

Description

According to Mass account creation § Requesting temporary lift of IP cap, private IP addresses are not suitable for throttling exceptions:

Please check carefully the IP addresses the conference venue gives you.

If the IP address starts by 10. or by 192.168., this is a private address, used internally on the network, but not routable.

If the IP address is included between 172.16.0.0 and 172.31.255.255, this is also a private address.

Apparently this is not currently enforced in CI; this change with an 172.16.29.137 IP address was merged and deployed, and only afterwards reverted.

I think we should check for private IP addresses in CI rather than hoping that the reviewers or deployers will notice it.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Check that throttling exceptions use valid public IP addressesoperations/mediawiki-configmaster+139 -2
DNM: Add various invalid IP rangesoperations/mediawiki-configmaster+23 -33
Customize query in gerrit

Related Objects

Event Timeline

Lucas_Werkmeister_WMDE created this task.Sep 17 2024, 4:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 17 2024, 4:01 PM
Lucas_Werkmeister_WMDE added a comment.Sep 17 2024, 4:02 PM

(No idea what a good tag for this task would be, to be honest. Wikimedia-Site-requests is my best guess.)

gerritbot added a comment.Sep 17 2024, 4:24 PM

Change #1073487 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[operations/mediawiki-config@master] Check that throttling exceptions use valid public IP addresses

https://gerrit.wikimedia.org/r/1073487

gerritbot added a project: Patch-For-Review.Sep 17 2024, 4:24 PM

Change #1073488 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[operations/mediawiki-config@master] DNM: Add various invalid IP ranges

https://gerrit.wikimedia.org/r/1073488

gerritbot added a comment.Sep 18 2024, 1:01 PM

Change #1073488 abandoned by Hashar:

[operations/mediawiki-config@master] DNM: Add various invalid IP ranges

Reason:

That was to exercise Ic4701011bcc422f5e25a2378e5ccfa9f48f1a7f6

https://gerrit.wikimedia.org/r/1073488

gerritbot added a comment.Sep 18 2024, 1:06 PM

Change #1073487 merged by jenkins-bot:

[operations/mediawiki-config@master] Check that throttling exceptions use valid public IP addresses

https://gerrit.wikimedia.org/r/1073487

Stashbot added a comment.Sep 18 2024, 1:09 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-18T13:09:24Z] <dreamyjazz@deploy1003> Started scap sync-world: Backport for [[gerrit:1073739|GrowthExperiments: enable Community Updates module in testwiki (T374577)]], [[gerrit:1073487|Check that throttling exceptions use valid public IP addresses (T374980)]], [[gerrit:1073790|Hide temp account IP address viewing right from non-temp account wikis (T369187)]], [[gerrit:1073586|Lift IP cap on 2024-10-07/08 for edit-a-thon (T374964)]]

Stashbot mentioned this in T374577: Community Updates module: Release to Test Wikipedia.Sep 18 2024, 1:09 PM
Stashbot mentioned this in T374964: Lift IP cap on this dates 2024-10-07/08 for edit-a-thon for eswiki, commons and wikidata.
Stashbot mentioned this in T369187: Allow users to be autopromoted into checkuser-temporary-account-viewer group based on local criteria.
Stashbot added a comment.Sep 18 2024, 1:11 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-18T13:11:53Z] <dreamyjazz@deploy1003> sgimeno, anzx, lucaswerkmeister-wmde, cscott, hnowlan, dreamyjazz: Backport for [[gerrit:1073739|GrowthExperiments: enable Community Updates module in testwiki (T374577)]], [[gerrit:1073487|Check that throttling exceptions use valid public IP addresses (T374980)]], [[gerrit:1073790|Hide temp account IP address viewing right from non-temp account wikis (T369187)]], [[gerrit:1073586|Lift IP cap on

Lucas_Werkmeister_WMDE closed this task as Resolved.Sep 18 2024, 1:14 PM
Lucas_Werkmeister_WMDE claimed this task.
Stashbot added a comment.Sep 18 2024, 1:20 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-18T13:20:33Z] <dreamyjazz@deploy1003> Finished scap sync-world: Backport for [[gerrit:1073739|GrowthExperiments: enable Community Updates module in testwiki (T374577)]], [[gerrit:1073487|Check that throttling exceptions use valid public IP addresses (T374980)]], [[gerrit:1073790|Hide temp account IP address viewing right from non-temp account wikis (T369187)]], [[gerrit:1073586|Lift IP cap on 2024-10-07/08 for edit-a-thon (T374964)]

Maintenance_bot removed a project: Patch-For-Review.Sep 18 2024, 1:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits